Bugzilla – Bug 1185126
VUL-0: CVE-2021-20236: zeromq: Stack overflow on server running PUB/XPUB socket
Last modified: 2022-04-06 14:54:45 UTC
rh#1921976 A flaw was found in zeromq before version 4.3.3. The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. References: https://github.com/zeromq/libzmq/pull/3959 https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488 References: https://bugzilla.redhat.com/show_bug.cgi?id=1921976 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20236 https://access.redhat.com/security/cve/CVE-2021-20236
Seem so, closing this bug as duplicate. *** This bug has been marked as a duplicate of bug 1176258 ***